formbook | cde5c3098db9276da56db0945cad4d99d87854cb2ed9c435bdef4dd30e832868 | Triage

Sharing

General

Target

e7a105a3b0baeefd605a1cfe0a3f2b92_JaffaCakes118
Size

273KB
Sample

240917-y3azaashkj
MD5

e7a105a3b0baeefd605a1cfe0a3f2b92
SHA1

fb2f95c7eb18fc8644d00a4187c62afb12c26b2c
SHA256

cde5c3098db9276da56db0945cad4d99d87854cb2ed9c435bdef4dd30e832868
SHA512

95eeb6d1ecfc50732fa7bc41d6c9751de53fe8bd4708706de07f4f915ec74d990f14959598ac9709b3071d549c7f6b67a557f0a492c13253a0d1886b5bc9eb9b
SSDEEP

6144:NeETYI4PV1552qYwdDdIx5fLR4ay02WjRcwFBj/XxgIc:UEY7v5fRe5N4ay01SwFVxc

Score

10^/10

formbook rs26 discovery rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs26

Decoy

amazon-review.info

17kaihuiba.com

timeableholdings.com

techvestorsmultifamily.com

rokketsoftware.com

abbigliamentoagricolo.com

artjiayi.com

smooouse.com

lightcastwired.com

bravuad.com

mr133.com

clubfitdartmouth.com

masturbation-stories.net

yedekparcatreni.com

pureologyrising.com

goodsystem2updating.download

fn4pk8p0o5.com

climatechangersofny.com

shuangxian023.com

lxiuot.men

Targets

- Target
  
  invoice.exe
- Size
  
  384KB
- MD5
  
  e6fcc19f1ef03db2c4d40dcb949ce40f
- SHA1
  
  0823317ace170ee272b02368c9a3daa5a292765b
- SHA256
  
  3f5c9bf874c9e7dbbd79fcafa447c3ae0f35659827f91555ba09a2fa13a862dd
- SHA512
  
  4bdaab26e5deb5da4fa93dc583da96292f05e40dd0da2b26eb1e33d7b5ce68f3db751586839826d43d9c0202ca2dfb8cccb51eda70c72bde7cf9e80779edc460
- SSDEEP
  
  6144:yQ78PdlxClB67NxX6JyBVIbMNISinsysqZbMyLYDtVJyg:yFSejXbVhISgdsqZbHLY3
Score

10^/10

formbook rs26 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrs26discoveryratspywarestealertrojan

behavioral2

formbookrs26discoveryratspywarestealertrojan